Privacy Policy

Last updated: June 2026

Helix is built privacy-first. This policy explains the little we collect and the lot we don't. Helix is operated by Blackpeak CFO Ltd ("we"), the data controller for the limited account data described below.

What we DON'T collect

• Your email. Your messages are fetched and processed locally on your device. Your email content is never sent to or stored on our servers.
• Your AI key or AI data. AI features use a key you supply, stored on your device. AI requests go directly from your device to your chosen provider. We never see your key or your email content.
• Your mailbox credentials. Stored encrypted on your device, used only to connect to your own email servers.

What we DO collect

• Account details — the email address and password (stored only as a secure hash) you use for your Helix account, to manage your licence.
• Billing — handled by our payment processor (a Merchant of Record / Stripe). We receive subscription status, not your card number.
• Basic operational logs — minimal, to keep the licensing service running and secure.

How we use it

To provide your licence, process your subscription, and support you. We do not sell your data or use it for advertising.

Your rights (UK GDPR)

You can access, correct, export, or delete your account data, and object to or restrict processing. Email hello@blackpeakcfo.com and we'll action it. You can also complain to the ICO.

Retention & cookies

We keep account data while your account is active and delete it on request after closure (subject to legal/billing retention). The website uses only essential cookies.

This is a starting template and should be reviewed by a solicitor before launch.